HHS recently started changing their breach tool. Unfortunately, at times they seem to add breaches before their more recent updates, and we may not notice they’ve been added if we’re used to starting at where we left off in their list. Today, I discovered a few more breaches they had added:
Kmart reported 16,446 were affected by the theft of EMR. Although HHS’s log shows the state as IL, I suspect they just used the corporate headquarters address and that this may be the breach in Pennsylvania previously noted on this blog.
Lewis J. Sims, DPM, PC (d/b/a Sims And Associates Podiatry) in New York reported that laptops stolen on January 10, 2014 contained information on 6,475 patients. A notification, linked from the footer of their website, says:
A burglary and theft of computer equipment from the office of Lewis J. Sims, DPM dba Sims and Associates Podiatry, 19 Baker Avenue., Suite 203, Poughkeepsie, New York, may have compromised the privacy and security of patient information. The incident occurred between the evening of Friday, January 10, 2014, and 9:30 a.m. on Sunday, January 12, 2014, and was discovered around 9:30 a.m. on Sunday, January 12, 2014. Three laptop computers containing patient data were stolen.
The patient information on the stolen laptops included names, addresses, phone numbers, genders, dates of birth, ages, and internal chart numbers. For patients undergoing vascular testing during 2007 through January 10, 2014, the information also likely included last visit dates, vascular testing information, health insurance information, and Social Security numbers. For patients prescribed orthotics from mid-2012 through January 10, 2014, the information also likely included weights and orthotics prescribed. If patient x-rays were taken during 2004 through January 10, 2014, the information also likely included x-ray dates and imaging.
The Poughkeepsie Police Department report is case number 400695. There has been no evidence of misuse of any affected person’s information, and a review of procedures to enhance security and theft protection is ongoing. Anyone possibly affected should monitor financial accounts and Health Insurance Explanation of Benefits. Additionally, they should call (877) 322- 8228 or go to www.annualcreditreport.com to obtain a free credit report from the U.S. credit reporting agencies (Equifax, Experian, and TransUnion) as well as contact those agencies and go to the New York Attorney General’s Office website at www.ag.ny.gov for information about identity theft protection, including security freezes.
For more information: call toll free 855-249-0045 and ask to speak with Rosemary, or email at simsandassociatespodiatry.com, or by mail to 19 Baker Avenue., Suite, 203 Poughkeepsie, NY 12601.
A breach involving the University of Miami that occurred in June 2013 was also added to the breach tool. The breach, which involved paper records, affected 13,074 patients, and may be the breach previously noted here.
The Kroger Co., For Itself And Its Affiliates And Subsidiaries reported that 504 were affected by a breach on October 30, 2013 that involved EMR.